Privacy Policy

Last Updated: June 5, 2025

Context and Acceptance

This Privacy Policy (“Policy”) is part of the Terms of Use (“Terms”), available here, which govern your access to and use of the AppGuide platform and its associated tools, including AppGuide.ca, pls.AppGuide.ca, AppGuide PRO, AppGuide Review, AppGuide Studio, and AppGuide for Developers (collectively, the “Platform”). By accessing or using the Platform, you agree to be bound by these Terms.

The Platform is developed and operated by AppGuide Inc. (“AppGuide”) as part of the Première Ligne en Santé initiative, on behalf of Productions Plakett inc. (collectively, “PLS”). Its purpose is to guide users toward digital health resources in a manner that respects the right to privacy and the protection of personal information.

Summary of Our Commitment to Your Privacy

We believe privacy is a fundamental right. Accordingly:

  • No medical data is collected on the Platform.

  • We never sell your personal information.

  • We only collect what is strictly necessary to operate, improve, and secure the site, and only for the minimal time required.

  • We apply a “Privacy by Design” approach, integrating data protection into the Platform’s design, systems, processes, and governance.

  • You retain control of your data at all times.

Data Collected

We do not collect, store, or process any personal health information (PHI) as defined by HIPAA, or any sensitive data as defined by the GDPR, Québec’s Law 25, or Canada’s PIPEDA.

We only collect personal information that is necessary to provide the services offered, in line with the principles of data minimization and Privacy by Design. Data collection is carried out securely and proportionally to your interactions with the Platform.

Types of data that may be collected:

  • Usage Data: IP address, browser, device type, interactions (clicks, searches), visited pages. This data is anonymized and used for statistical purposes.

  • Identification Information: First and last name, email address, profession, organizational affiliation (when an account is required).

Voluntarily Provided Content: Ratings, feedback, or comments on digital health tools.

Purpose of Data Collection

Personal data is collected strictly for the following purposes:

  • Creating and managing your user account (legal basis: explicit consent)

  • Providing access to essential Platform features (legal basis: performance of service)

  • Continuously improving the user experience by contextually personalizing certain services (legal basis: legitimate interest)

  • Ensuring the performance, security, and integrity of the Platform (legal basis: legitimate interest)

  • Generating aggregated, anonymized statistics for evaluation, research, or optimization purposes (legal basis: public interest, legitimate interest)

What We Do Not Do

  • No targeted advertising or retargeting

  • No sharing or resale of your data to commercial third parties

  • No third-party cookies or tracking mechanisms not essential to site functionality

  • No automated profiling for decision-making purposes

Data Retention

Data is retained only as long as necessary to fulfill the purposes listed above and in compliance with legal and contractual requirements. Once these purposes are fulfilled or the account is deactivated, data is securely deleted or anonymized.

Your Privacy Rights

AppGuide respects your personal data rights in accordance with applicable laws, including Québec’s Law 25, Canada’s PIPEDA, the General Data Protection Regulation (GDPR) of the European Union, and other relevant frameworks.

Depending on your residence and legal jurisdiction, you may exercise the following rights:

  • Right of Access: Request access to the personal information we hold about you, including how it is used, shared, or stored.

  • Right to Rectification: Request correction of inaccurate, incomplete, or outdated personal information.

  • Right to Erasure (“Right to be Forgotten”): In certain cases, request the deletion of your personal information when it is no longer necessary.

  • Right to Object or Withdraw Consent: Withdraw your consent at any time or object to specific data processing unless required by law or essential for service delivery.

  • Right to Data Portability (GDPR): If you are an EU resident, obtain your data in a structured, machine-readable format and transfer it to another provider, where technically feasible.

  • Right to Restriction of Processing: Request a temporary suspension of data processing while a correction, deletion, or objection request is under review.

Exercising Your Rights

To exercise any of the above rights, contact AppGuide’s Privacy Officer using the contact details provided in the Contact Us section. We will respond within a reasonable time and in accordance with applicable legal requirements.

AppGuide’s Privacy Officer serves as the official representative under the following frameworks:

Law 25 (Québec)

AppGuide has designated a Person in Charge of the Protection of Personal Information (RPRP), responsible for overseeing the secure collection, retention, communication, and deletion of data. Privacy Impact Assessments (PIAs) are conducted as required.

PIPEDA (Canada)

AppGuide applies the 10 principles of PIPEDA, including consent, collection limitation, transparency, secure storage, and user access to data. The designated Privacy Officer ensures compliance with responsibilities, transparency, and security.

GDPR (European Union)

For EU users, AppGuide complies with GDPR principles such as explicit consent, data minimization, and the rights to erasure, rectification, portability, and objection. A Data Protection Officer (DPO) has been appointed under Article 37 of the GDPR. The DPO operates independently and ensures compliance with personal data matters concerning EU users.

HIPAA (United States)

The Platform is not subject to HIPAA, as it does not collect, store, or process Protected Health Information (PHI) under this law. No diagnoses, treatments, or identifiable medical records are collected. Therefore, HIPAA-specific obligations do not apply to our services.

Data Location

Where possible, data is stored in Québec or elsewhere in Canada, within cloud environments that meet applicable privacy and security standards. However, some technology providers may be based in the United States, meaning data may be processed or hosted outside Canada.

In such cases, we implement Standard Contractual Clauses, Privacy Impact Assessments, and appropriate legal and technical safeguards to ensure proper cross-border data protection in compliance with Law 25, GDPR, and other applicable laws.

Security Standards

AppGuide relies on Google Cloud Platform (GCP) for secure cloud hosting and data processing. GCP is certified under several international security and compliance standards, including:

  • SOC 1, SOC 2, SOC 3

  • ISO/IEC 27001, 27017, 27018

  • HITRUST, HIPAA, PIPEDA, PCI DSS, and more

Additionally, AppGuide maintains an Information Security Management System (ISMS) and complies with SOC 2 Type II controls, including:

  • Encryption of data in transit and at rest

  • Logging, monitoring, and anomaly detection

  • Role-based, granular access controls

  • Ongoing staff training in security and privacy

  • Regular internal audits and continuous improvement

This integrated approach ensures a high level of personal data protection in line with current regulatory expectations.

Access to External Applications

The Platform provides guidance toward digital health apps. These links are provided in good faith.

Before being listed, each tool undergoes a rigorous evaluation process combining:

  • Automated analysis of security, accessibility, and transparency

  • Review by an independent expert committee

However, these are external services operated by third parties over which AppGuide and PLS have no control. Each has its own privacy policy and terms of use. We encourage you to read them carefully before using any external app.

Updates

This policy may be updated to reflect technological, legal, or organizational changes. Any significant changes will be clearly communicated via the Platform.

Contact Us

For any questions about this Policy or your personal information, contact AppGuide’s Privacy Officer, who serves as the RPRP (Law 25), Privacy Officer (PIPEDA), and DPO (GDPR):

By email: vieprivee@appguide.ca

By mail:

303-164 Cowie Street, Granby, QC, J2G 3V3, Canada

You can also contact Productions Plakett inc. via their website: https://premiereligneensante.com/contact/#contact